EnCE - next course/cert

si20

This year, I've managed to get the eJPT and the Network+. Next up, i'm going for EnCE. In fact, I've just started EnCE. It looks like it's a huge course. I'll use this thread to document my progress and let you know my thoughts on it as I go along.

If anyone has done it, please also let me know your thoughts too! I've not seen any recent posts about it on the forum.

JDMurray

I did EnCE v6 about ten years ago, so I'm sure that I won't be much help with the current EnCE cert now. The v6 practical exam was a lot of fun, but the online written exam was a joke. 

si20

What does the written exam involve? My workplace has thrown me into this one. It's not something I'd have chosen to take I don't think!

JDMurray

As I remember, the written exam was basic digital forensics. You had to pass it before you would be snailed the CD with the practical exam. I got the impression the written exam was to weed-out the people who were just looking to pick up a DF cert for the resume candy and didn't really need to use EnCase. This was 10 years ago; I assume EnCE is all Cloud-based now.

chrisone

Funny I just started the 210 course. It is a work goal for 2021-2022. Hope to knock it out by November, I really want Dec-January off lol

si20

Failed EnCE’s multiple choice exam. Have to say that the retake fee is expensive. Materials were shockingly poor and didn’t bear much resemblance to the multiple choice exam. Probably won’t be retaking.

JDMurray

Where did you get the study materials from?

si20

JDMurray said:

Where did you get the study materials from?

They were opentext’s own materials. 

chrisone

Sorry to hear about your experience. I studied flash cards from an older practice tests I found online. They are not **** and they helped me during the multiple choice test.  At the very least these practice tests, although for v6 and older, they helped me get a very good grasp on style of questions and what to expect. Like I said these are NOT **** and memorizing these questions will not help you. I can send you a link to these study flash cards. You can google it too, its not hard to find. I think the ones I used were from quizlet.com (various users upload study flash cards for free.) Again, these are NOT ****! 

I passed phase 1 and I am finishing the last question 18 from phase 2 today. All within a month's time frame. I still have until the 24th of April to turn in my report. So I will use that time to go over everything again and to make sure my report is sharp. 

If you need to DM me please reach out.

Hope you don't give up. I did not take this exam seriously until I started doing the labs at the end of the course materials. I also gained more respect for it once I was bombing the practice questions. Let me know if you need any help.

Edit: Also wanted to let you know that although you felt the materials were off from the multiple choice questions, the materials are identical to the phase two hands on case exam. The multiple choice questions you can get through, give it a chance, you will see with the practice questions you will be more confident. 

jwong

chrisone said:

Sorry to hear about your experience. I studied flash cards from an older practice tests I found online. They are not **** and they helped me during the multiple choice test.  At the very least these practice tests, although for v6 and older, they helped me get a very good grasp on style of questions and what to expect. Like I said these are NOT **** and memorizing these questions will not help you. I can send you a link to these study flash cards. You can google it too, its not hard to find. I think the ones I used were from quizlet.com (various users upload study flash cards for free.) Again, these are NOT ****! 

I passed phase 1 and I am finishing the last question 18 from phase 2 today. All within a month's time frame. I still have until the 24th of April to turn in my report. So I will use that time to go over everything again and to make sure my report is sharp. 

If you need to DM me please reach out.

Hope you don't give up. I did not take this exam seriously until I started doing the labs at the end of the course materials. I also gained more respect for it once I was bombing the practice questions. Let me know if you need any help.

Edit: Also wanted to let you know that although you felt the materials were off from the multiple choice questions, the materials are identical to the phase two hands on case exam. The multiple choice questions you can get through, give it a chance, you will see with the practice questions you will be more confident. 

Chris, are those questions in quizlet.com similar with Phase 1 Exam?

jwong

I prepare to take phase 1 Exam soon. But I cannot find any practice test. Just based on video, pdc files (notes) and study guide, is it enough to pass phase 1 exam?

chrisone

The questions test similar topics. They are not word for word so it is not a [forbidden word]. To be honest I would have failed not having them. At the very least I had something to help me get into the rhythm of forensics style questions. For instance you can only formulate a question about binary, FAT, FAT32, NTFS in a finite amount of ways. So in my experience with these practice questions they helped me have an idea of how forensics questions flowed. The PHASE 1 EnCase is open book exam. So I referenced course materials when I got stuck, which was plenty of times. 

Hope this helps. 

jwong

Thx Chris. I just passed Encase Phase 1 Exam today. Your comments made me have confidence to take Exam!! quizlet.com is useful. Another one I tried was udemy.com, that one needs to pay, but it contained more questions (worth to pay). For exam, I think Phase 1 Exam is more focus on using Encase / Interface / feature etc. Phase 2 Exam may focus on case investigation (unsure because of waiting to take Phase 2 Exam).  Only thing I can't believe is, even Official study guide (version 2012 from Steve Bunting) wrote 10 years ago, but it is still very useful in Exam.  

chrisone

Congrats! good to hear you passed Phase1. I haven't seen the Udemy test questions yet. Good luck on the Phase 2 portion. I  have referenced the exam books frequently and referred to the methods used to obtain the needed information from the examples in the book. You just adapt it to the exam you get. 

I turn in my report this Sunday.  hopefully I pass on first try. 

JDMurray

I thoroughly enjoyed the EnCase v6 Phase II exam I took about 12 years ago. It's nice to have time to do a detailed investigation of digital media without a very short time deadline.

chrisone

It is fun, I just hate being pulled in different directions. I am only doing this to help out my employer as they only have 1 forensics person on staff. But eventually that is a management responsibility to grow that forensics team. 

I am shooting for cloud security , specifically the new Microsoft Cybersecurity Architect route. CloudSec + SOC/BlueTeam/IR/AD Security & Hardening, now throw in Forensics, is over reaching to ask any employee to cover. 

EnCase has been a long journey, I been at this for 8-10 months now. Just happy its coming to end. I will help out with minor cases, its not my field to be handling major cases. 

JDMurray

Make sure you learn and perform Chain of Custody correctly. All your hard work goes into the shredder if you don't maintain traceable control of all your evidence.

jwong

Hey Chris, how's your phase 2 Exam going on? Are you able to answer all 18 questions? I am stuck on video's questions. Likely need to use TrueCrypt but I can't find password. Are you able to recover video finally? Hope that you passed!!

chrisone

Got stuck on the same place. Answered everything including q18, but couldn't answer those two. I already turned in the report and awaiting the results. 

si20

jwong said:

Thx Chris. I just passed Encase Phase 1 Exam today. Your comments made me have confidence to take Exam!! quizlet.com is useful. Another one I tried was udemy.com, that one needs to pay, but it contained more questions (worth to pay). For exam, I think Phase 1 Exam is more focus on using Encase / Interface / feature etc. Phase 2 Exam may focus on case investigation (unsure because of waiting to take Phase 2 Exam).  Only thing I can't believe is, even Official study guide (version 2012 from Steve Bunting) wrote 10 years ago, but it is still very useful in Exam.  

Can you point me to which Udemy course you went for? and how useful was it? I'm going to give this exam one more go. But seriously, opentext suck for increasing the price of a re-take (money hungry)

jwong

Udemy one contained 2 set of practices and 1 set of training question which was very similar with real exam. As I remembered, most of contents which covered in Steve Bunting's study guide book but it would be more easy for revision.  Recommend to pay for it (is not expensive). At least, if you can100% correct and understand those answers in practice test, you will have confidence to start your Phase 1 exam. 

chrisone

Just wanted to update this post but I passed the phase2 and got the EnCE certification. As I was messaging Si20 , I felt that this exam wasn't as hard as OSCP, elearnsecurity professional level exams, or CCNA/CCNP level exams. 

I basically answered every question besides 16-17 by going over the examples within the exam prep course book and seeing the course videos I still had access too (had bought the on-demand courses for the first two courses, the prep course was live virtual). Truthfully you won't need the videos as they are just 1 to 1 examples of whats covered in the book. 

Good luck to the rest of you taking this exam! 

jwong

Congregation Chris! You are so smart!! Even without answering 16 & 17, you still passed. Seems others you could fully answered correctly. I am still struggling how many drive should be able to retrieve. I found C, D, M drive. But seems there is F drive which I have no idea how to retrieve. Is F drive need to retrieve (or exist)?

chrisone

Can't give you that answer, but try using the enscript and pathways options to find your answer. 

jwong

No worry, I found the way already. Thx

sim20

Temporarily lost access to account so i'll post using my backup account - This was BY FAR the worst company / worst course I've ever done. From start to finish it was a total sh*tshow.

The EnCE study videos sound like they've been recorded on a nokia 3310 - hiccups, sneezes, clearing throat sounds in many videos. The Phase I exam isn't even covered in the videos - the Phase I exam is actually (somewhat) related to a separate email they send you containing a pdf. Unless you knew this prior to siting the exam, there's an extremely high chance you'll fail.

Here's the kicker. It just so happens if you fail, it's around $500 for a re-take. It used to be around $200 for a retake when Guidance Software were at the helm, but Opentext are out for your money. You also cannot re-take for approx 2 months - and you only get a pass/fail, so you have no clue if you were close to passing or not.

To add to my list of complaints, after passing Phase I, the company sent out the wrong Phase II instructions - so I spent X amount of time working on it, only to realise I couldn't answer it properly due to an error on their part.

I passed anyway and was asked if I wanted a physical certification - of course, I said yes, and  I was then told that they cannot send them until they meet a minimum order requirement.

Unless your company pays, I strongly advise to avoid this stinker of a course. There's far too many better providers out there. I sense Opentext's EnCE's days are numbered unless they dramatically overhaul and improve it.

JDMurray

You are referring to an EnCE study course from which training provider? From opentext itself?

sim20

JDMurray said:

You are referring to an EnCE study course from which training provider? From opentext itself?

That’s right, opentext themselves. For the price they ought to be ashamed 

JDMurray

opentext courses are expensive because their target customers are businesses and not individuals. This is the first I've heard their training materials are such poor quality. I took the EnCE (v6) back when they were Guidance Software. The official materials were quite good, as was their instructor. However, the online DF exam that was given to qualify for the EnCE practical exam was very poorly crafted and too simplistic. The EnCE practical was one of the most fun and interesting cert exams I've ever taken.

jwong

From my experience, if you are only studying official study materials provided by opentext, it is very difficult to pass phase 1. However, even I have GCFA, I still think training video is very useful. At least I cant find any other course provided that detail on explaining MFT / lnk stuff. For phase 2, it is funny game. It gave me chance that practice the thing which mentioned in video. Only thing I would like to complain is study materials cant print or open after 1 yr. Just feel unhappy on this arrangement!

Taco00

jwong said:

From my experience, if you are only studying official study materials provided by opentext, it is very difficult to pass phase 1. However, even I have GCFA, I still think training video is very useful. At least I cant find any other course provided that detail on explaining MFT / lnk stuff. For phase 2, it is funny game. It gave me chance that practice the thing which mentioned in video. Only thing I would like to complain is study materials cant print or open after 1 yr. Just feel unhappy on this arrangement!

I had the same situation with opentext giving me incorrect stuff. Then they gave me a new ence license took me another month, on top of the grace period they give you between exams, to be able to start phase 2.

I've been stuck on my 7zip/video question for almost a week.